We have a asp.net webforms project where we use Episerver as CMS 8. Recently, we switched to federated security with Owin Middleware as described here (but instead of WSFederation, we use OpenIdConnect)

With old configuration, we didn't have an application level authorisation rule. But after switching to federated security, we realised that while first login/logout happens successfully, second login attempt gets stuck in a redirection loop due to absence of "OpenIdConnect.nonce" cookie. In order to create the cookie again, we had to add authorisation rule to deny any unauthorised access. But now we cannot access public pages without authentication.

My questions are:
1- What is the right configuration for federated security with OpenIdConnect in Episerver?
2- Has anyone had the same "second login redirection loop" issue before? If so, how did they solve it?
2- How should the authorisation rules be for public pages and application in general?
3- If we have to add an authorisation rule to allow access to public pages, how can we add this for multi-language pages?

Note: Our authentication point is always Default.aspx, we don't have separate login/logout pages.

Owin Configuration

 public void Configuration(IAppBuilder app)
        {
            app.Use((context, next) =>
            {
                var httpContext = context.Get<HttpContextBase>(typeof(HttpContextBase).FullName);
                httpContext.SetSessionStateBehavior(SessionStateBehavior.Required);
                return next();
            }).UseStageMarker(PipelineStage.MapHandler);
            // This is used to prevent an issue, which leads to the following exception when trying to login to CMS:
            // IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null.
            app.UseKentorOwinCookieSaver();
            app.SetDefaultSignInAsAuthenticationType(SsoSettings.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = SsoSettings.AuthenticationType //".AspNet.OpenIdConnect-Login"
            });
            var clientId = SsoSettings.ClientId;
            var clientSecret = SsoSettings.ClientSecret;
            var authority = SsoSettings.Authority;
            var redirectUri = SsoSettings.RedirectUri;
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    AuthenticationType = SsoSettings.AuthenticationType,
                    ClientId = clientId,
                    ClientSecret = SsoSettings.ClientSecret,
                    Authority = authority,
                    RedirectUri = redirectUri,
                    PostLogoutRedirectUri = redirectUri,
                    ResponseType = SsoSettings.ResponseType,
                    Scope = SsoSettings.Scope,
                    UseTokenLifetime = true,
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthorizationCodeReceived = async n =>
                        {
                            var tokenClient = new TokenClient($"{authority}/connect/token", clientId, clientSecret);
                            var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, redirectUri)
                                .ConfigureAwait((false));
                            if (tokenResponse.IsError)
                                throw new ArgumentException(tokenResponse.Error);
                            var userInfoClient = new UserInfoClient(
                                new Uri($"{authority}/connect/userinfo"),
                                tokenResponse.AccessToken);
                            var userInfoResponse = await userInfoClient.GetAsync().ConfigureAwait(false);
                            var claims = userInfoResponse.GetClaimsIdentity().Claims.ToList();
                            n.AuthenticationTicket.Properties.Dictionary.Add(SsoSettings.IdTokenKey,
                                tokenResponse.IdentityToken);
                            n.AuthenticationTicket = new AuthenticationTicket(
                                new ClaimsIdentity(claims, SsoSettings.AuthenticationType, JwtClaimTypes.Email,
                                    JwtClaimTypes.Role), n.AuthenticationTicket.Properties);
                            //Sync user and the roles to EPiServer in the background
                            await ServiceLocator.Current.GetInstance<SynchronizingUserService>()
                                .SynchronizeAsync(n.AuthenticationTicket.Identity).ConfigureAwait(false);
                        },
                        RedirectToIdentityProvider = n =>
                        {
                            // Check if we have set a variable in Owin to prompt for login
                            var promptForLogin = n.OwinContext.Get<string>(SsoSettings.PromptKey) ==
                                                 SsoSettings.PromptLoginKey;
                            if (promptForLogin)
                            {
                                // Set the prompt
                                n.ProtocolMessage.Prompt = SsoSettings.PromptLoginKey;
                                // If we are going to logout, when the user is authenticated and the token is not expired
                                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                                {
                                    // Cancel it, because it should prompt for login
                                    n.ProtocolMessage.RequestType = OpenIdConnectRequestType.AuthenticationRequest;
                                    n.HandleResponse();
                                    // Challenge again, so it will try to Sign in again
                                    n.OwinContext.Authentication.Challenge(new AuthenticationProperties
                                    {
                                        RedirectUri = SsoSettings.RedirectUri,
                                    }, SsoSettings.AuthenticationType);
                                }
                            }
                            // If we are going to logout, but the user is not authenticated or the token is not valid
                            if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                            {
                                // Try to send IdToken, so that the post_logout_redirect_uri is enabled
                                var idTokenHint = n.OwinContext.Get<string>(SsoSettings.IdTokenKey);
                                if (idTokenHint != null)
                                {
                                    n.ProtocolMessage.IdTokenHint = idTokenHint;
                                }
                            }
                            return Task.FromResult(0);
                        },
                        SecurityTokenValidated = ctx =>
                        {
                            //Ignore scheme/host name in redirect Uri to make sure a redirect to HTTPS does not redirect back to HTTP
                            var redirect = new Uri(ctx.AuthenticationTicket.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
                            if (redirect.IsAbsoluteUri)
                                ctx.AuthenticationTicket.Properties.RedirectUri = redirect.PathAndQuery;
                            return Task.FromResult(0);
                        },
                        //Nonce Validation Error after claering all cookies and loggin in again:
                        //IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'.
                        //workaound found here: https://github.com/IdentityServer/IdentityServer3/issues/931#issuecomment-237958480
                        AuthenticationFailed = (context) =>
                        {
                            if (context.Exception.Message.StartsWith("OICE_20004") ||
                                context.Exception.Message.Contains("IDX10311"))
                            {
                                context.SkipToNextMiddleware();
                                return Task.FromResult(0);
                            }
                            return Task.FromResult(0);
                        }
                    }
                });
            app.Map("/util/logout.aspx", map =>
            {
                map.Run(ctx =>
                {
                    var currentHost = ctx.Request.Uri.GetLeftPart(UriPartial.Authority);
                    var returnUrl = $"{currentHost}/maintenance";
                    AuthenticationHelper.Logout(returnUrl);
                    return Task.FromResult(0);
                });
            });
            //Add stage marker to make sure OpenID Connect runs on Authenticate (before URL Authorization and virtual roles)
            app.UseStageMarker(PipelineStage.Authenticate);
            //Tell antiforgery to use the name claim
            AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
        }

Web.config

<configuration><system.web><authentication mode="None"><profile enabled="true" defaultProvider="SqlProfile" automaticSaveEnabled="true"><properties><add name="Address" type="System.String" />
        ...</properties><providers><clear /><add name="SqlProfile" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="EPiServerDB" applicationName="EPiServerSample" /></providers></profile><membership><providers><clear /></providers></membership><roleManager enabled="false"><providers><clear /></providers></roleManager><authorization><allow roles="CRMUsers, WebEditors, WebAdmins" /><deny users="*" /></authorization></system.web><episerver.framework><virtualRoles addClaims="true"><providers><add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" /><add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" /><add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" /><add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" /><add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators, CustomerPortalWebAdmins" mode="Any" /><add name="WebAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators, CustomerPortalWebAdmins" mode="Any" /><add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors, CustomerPortalWebAdmins" mode="Any" /><add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" /><add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators, CustomerPortalWebAdmins" mode="Any" /></providers></virtualRoles>
	...<securityEntity><providers><add name="SynchronizingProvider" type="EPiServer.Security.SynchronizingRolesSecurityEntityProvider, EPiServer" /></providers></securityEntity>	</episerver.framework></configuration>

I have a solution in which I spin up a service as a singleton instance. It inherits IDisposable in order to properly flush and clean up internals. However, the Dispose method is never called, because the StructureMap container itself is never disposed by Episerver.

I attempted to call IContainer.Dispose from a IConfigurableModule.Uninitialize method. But I cannot touch the IContainer in any context other context than IConfigurableModule.ConfigureContainer.

It would be very nice if you could make the IServiceConfigurationProvider interface inherit from IDisposable, and then explicitly dispose it on shutdown. Because then I would be able to remove my custom solution to this problem.

Usually I see infrastructure with a Episerver admin server within a DMZ and X number of front servers which are public. The front servers are usually "equal" to the admin server, except for restricting access to the admin interface. This seems like a wierd solution - to include the admin parts but to restrict access to it. It would sound more rational to not include the admin parts at all (and therefore not having to restrict stuff). A nice solution would be to have one development project for the front server, and another project for the admin server which reference the front server project and just adds the admin parts.

So, in an attempt to try my theory in practice, I started removing the *.UI nuget packages. However, I couldn't get far before I noticed some packages required me to keep many of the UI packages - for example EPiServer.CMS.UI.AspNetIdentity and EPiServer.Find.Cms, so I gave up.

Did anyone of you ever attempt to create a site truly without any admin stuff? I would assume that this solution would also be slightly better performant.

Hello Team,

I would like to know if using more caching could be a way to imporve BF read perfomance , what other tircks you have to do so as well?

Thanks

Hello

TL;DR; I'm looking for assistence using multiple certificates for authentication of webrequests against an external API form the DXC encironemnts. 

I'm working with an external API that requiers multiple certificats for authentication when making requests. (Swish Paymetns)

My code works well in local environemnt, and it works under certain conditions in DXC Integration and PreProduction.

This is an example from the integration guide for the API to test for successfull connection. Users are provided one personal cert as well as the root cert .pem file.

curl -s -S -i --cert <path-to-certificate-file>:<password> --cert-type
p12 --cacert <path-to-rootCA-pem-file> --tlsv1.1 --header "Content-Type:
application/json"<endpoint-url> --data '<json-formatted-data>'

In my application, my first approach was to install the certificats on my local machine, as well as in the Azure Web App Certificate Store. I then used thumbprints to find and load the certificates. This worked well, and I deployed the code to the DXC and verified my integration. But at my next deploy of code, the public certificates had been removed from the Azure Certificate Store! Through Epi Support, I learned that this is intentional from Microsoft when new slots are copied, as is being done in DXC-deployment scripts. So, the certificats would have to be uploaded again after each deploy which is not a long term solution...

Microsoft suggested placing the public parts of the certificates in the file system, and reading them from there. 

I adjusted my code, and for good measure placed both .pfx and .pem fil in the wwwroot, and read the certificates directly from file, ignoring the Azure Certificate Store.

In my local setup, this works well, and when uploading to DXC, it works, BUT only when the public certificates are still in the Azure Certificate Store.... (WHAT!?)

So, even when both certificates are read from file, if they are missing from the Certificate Store, the requests still fails.

I'm looking for input in using client certificates for authenticating requests to an external API in the DXC.

Below is my code to read the certificate from file. This is called twice, once for each certificate. 

       private static X509Certificate2 GetClientCertFromFile(string certName, string password = "")
        {
            byte[] certFile = new byte[0];
            string rootPath = String.Empty;
            try
            {
                rootPath = HttpContext.Current.Server.MapPath("~");
                string certificatePath = $"{rootPath}\\Assets\\Certificates\\{certName}";
                certFile = File.ReadAllBytes(certificatePath);
            }
            catch (Exception e)
            {
                Logger.Error(e.Message, e);
            }
            X509Certificate2 cert = new X509Certificate2();
            if (string.IsNullOrWhiteSpace(password))
            {
                cert.Import(certFile);
            }
            else
            {
                cert.Import(certFile, password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
            }
            return cert;
        }

Best regards,

Ludvig

Hi,

I have the following synonyms defined in the Episerver find backend:

All langugages: 123 <> training
Dutch: 456 <> training

This is the relevant part of my search code:

            multiSearch.Search<ISearchableTraining, SearchResult>(language, search =>
            {
                var searchQuery = search
                    .For(query)
                    .UsingSynonyms()
                    .ApplyBestBets()
                    .PublishedInCurrentLanguage()
                    .FilterOnCurrentMarket()
                    .ExcludeDeleted()
                    .Filter(x => x.SearchAvailability, x => x.MarketId.Match(currentMarket.MarketId.Value) & x.IsAvailable.Match(true));
                return searchQuery
                    .Take(100)
                    .Track()
                    .Select(x => new SearchResult(iconWidth, iconHeight)
                    {
                        Name = x.Name,
                        Url = x.ContentLink.GetUrl(true),
                        Type = SearchCategoryValue.Trainings,
                        DisplayType = LocalizationService.Current.GetString("/search/type/trainingen"),
                        Icon = x.Icon,
                        Intro = x.Intro,
                        BackgroundColor = x.BackgroundColor
                    });
            });

When the language == Language.Dutch, and the query == "123" then the UsingSynonyms is working as expected.
But when the language == Language.Dutch, and the query == "456" then the UsingSynonyms is NOT working as expected. I get 0 results. I expect to get the same results as when searching for "123".

Why is this not working as expected?

Kind regards,
Niels

Hi,

What is the best way to add/change values of form elements when editing/changing another element?

The AutofillProviders method "GetSuggestedValues" only seems to run on initializing the form, is it possible to trigger the method thru api?

I could of course do it with my own javascript and backend api but I would like to make use of EPiForms built in functionality as mutch as possible.

Anyone have any iées?

Regards

/Jesper

I have used QueryStringQuery.DefaultOperator to change the default operator of the query. My intention is to make the search operator 'AND' instead of 'OR'.

IClient client = SearchClient.Instance;
client.Search<SearchType>().For(Query, q=> {
                    q.DefaultOperator = BooleanOperator.And;
                }).Take(1000).GetResult();

And also I have got to know that the WithAndAsDefaultOperator() does the same thing as above ('AND' search instead of 'OR').

IClient client = SearchClient.Instance;
client.Search<SearchType>().For(Query).WithAndAsDefaultOperator().Take(1000).GetResult();

Are these two search implementations do the same thing without any difference in the resultset?

Note: I did not find the WithAndAsDefaultOperator() in the Episerver Find Documentration. It's better if anyone could share the link of that just to refer.

Thanks.

Epi version: 11.11.3.0
Commerce version: 12.17.2.0

We have some catalog categories that are throwing "An item with the same key has already been added" exceptions when we attempt to GetChildren on the category's contentLink. The categories in question work for the en-us culture, but the en-ca versions are blowing up. The <T> in question is our product interface. Our categories can have subcategories and the retrieval of those children works, but the product children causes that Epi call to fail.

Clearly, something is corrupt/misconfigured about those products, but I'm trying to figure out what it is (which will hopefully help me track down how it happened and prevent it in the future). Even if I could just know what key is duplicated, it might be helpful.

Partial stack trace (for some reason, the full one won't submit):

[ArgumentException: An item with the same key has already been added.]
   System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) +56
   System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add) +12948432
   System.Collections.Generic.Dictionary`2.Add(TKey key, TValue value) +16
   Mediachase.MetaDataPlus.Configurator.MetaObjectDB.LoadBatchOfMetaObjectData(MetaDataContext context, CatalogMetaObjectLoadSet loadSet) +1269
   Mediachase.MetaDataPlus.Internal.<DoLoadFromDb>d__14.MoveNext() +294
   System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +186
   System.Linq.Enumerable.ToList(IEnumerable`1 source) +54
   Mediachase.MetaDataPlus.Internal.<DoLoad>d__11.MoveNext() +703
   System.Linq.Enumerable.ToDictionary(IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer) +157
   EPiServer.Commerce.Catalog.Provider.Construction.MetaDataContentBuilder.GetMetaObjects(IDictionary`2 metaObjectIdsByClassId, String language) +334
   EPiServer.Commerce.Catalog.Provider.Construction.EntryBuilder.GetMetaObjects(IEnumerable`1 entryRows, String language) +317
   EPiServer.Commerce.Catalog.Provider.Construction.EntryBuilder.ConstructEntries(CatalogEntryDto entryDto, IDictionary`2 versionsForUnpublishedContent, IList`1 entryNodeRelations, String language) +509
   EPiServer.Commerce.Catalog.Provider.Construction.EntryBuilder.Create(IList`1 contentLinks, String language) +638
   EPiServer.Commerce.Catalog.Provider.<>c__DisplayClass10_0.<LoadSpecificContentInstances>b__0(ICatalogContentBuilder builder, IList`1 links) +16
   EPiServer.Commerce.Catalog.Provider.CatalogContentLoader.ConstructContent(IList`1 contentLinks, Func`3 createContentFunc) +339
   EPiServer.Commerce.Catalog.Provider.CatalogContentLoader.LoadSpecificContentInstances(IList`1 contentLinks, String language) +453
   EPiServer.Commerce.Catalog.Provider.<>c__DisplayClass29_0.<LoadContents>b__1(IList`1 refs) +22
   EPiServer.Commerce.Catalog.Provider.CatalogContentProvider.BatchLoad(IList`1 contentLinks, Func`2 dbLoader) +141
   EPiServer.Commerce.Catalog.Provider.CatalogContentProvider.LoadContents(IList`1 contentReferences, ILanguageSelector selector) +490
   EPiServer.Core.ContentProvider.GetContentBatch(IList`1 batch, ILanguageSelector selector, List`1& contents, Dictionary`2& contentMap) +85
   EPiServer.Core.ContentProvider.GetScatteredContents(IEnumerable`1 contentLinks, ILanguageSelector selector) +676
   EPiServer.Core.ContentProvider.LoadBatched(IList`1 contentReferences, ILanguageSelector selector) +61
   EPiServer.Core.Internal.ProviderPipelineImplementation.GetItems(ContentProvider provider, IList`1 contentLinks, LoaderOptions loaderOptions) +225
   EPiServer.Core.Internal.DefaultContentLoader.GetChildren(ContentReference contentLink, LoaderOptions loaderOptions, Int32 startIndex, Int32 maxRows) +1170
   EPiServer.Core.Internal.DefaultContentLoader.GetChildren(ContentReference contentLink, LoaderOptions loaderOptions) +67
   EPiServer.Core.Internal.DefaultContentLoader.GetChildren(ContentReference contentLink) +69
   EPiServer.Core.ContentReferenceExtension.GetChildren(ContentReference contentLink) in C:\dev\pixcms\src\Polaris.CMS.Common\Extensions\ContentReferenceExtension.cs:157

Hello,

We have been using the same code for many months to search for products in our catalog. Recently though we started having issues where the same search query would produce different results. Sometimes the results are correct, but a lot of the time they are wrong as the results do not include products that should be there. This happens both through our production and dev indexes. I went through our code and setup some tests and found out that FilterForVisitor() was causing the issues. Once I took that out, the results became consistent, but we need this because, as I have read, it filters out unpublished products.

I am not sure what might have changed in our environments to cause FilterForVisitor() to stop working, but any guidance would be highly appreaciated.

Thanks

Episerver v11.12.0 hosted at Episerver Azure

I am using FIND to list specific blocks that I pull from a folder.  However, the search included blocks that are marked Expired.  I am using the extensions CurrentlyPublished().FilterForVisitor().ExcludeDeleted().  I have several other parameters I'm adding to the search.  Is it possible I'm loading adding them in the wrong order?

var query = SearchClient.Instance.Search<ArticlePage>();
query = query.Filter(y => y.Ancestors().Match(insightsPage.PageLink.ID.ToString()));
if (!string.IsNullOrEmpty(queryString))
{
    query = query.For(queryString, q =>
        {
            q.Query = $"*{q.Query}*";
            q.Boost = 2;
            q.DefaultOperator = EPiServer.Find.Api.Querying.Queries.BooleanOperator.And;
        });
}
var filterBuilder = SearchClient.Instance.BuildFilter<IInsightPage>().FilterOnCurrentSite()
    .CurrentlyPublished().FilterForVisitor().ExcludeDeleted();
if (categories != null && categories.Any()) {
    foreach (var category in categories)
    {
        filterBuilder = filterBuilder.And(x => x.SearchCategories().Match(category));
    }
    query = query.Filter(filterBuilder);
}
query = query.OrderBy(page => page.Heading);
var results = query.GetContentResult();

Hi,

My webapp host on DXC as mutiple sites and intergrated with ADFS.

I want to set Wtrealm property based on domain. But in startup it's init too early to catch domain name. So i can't handle return uri based on multisite

For examle:

if user access domain

  abc.com.sg then Wtrealm = abc.com.sg

  abc.com.vn then Wtrealm =   abc.com.vn

Code example

 public class Startup
    {
        const string LogoutUrl = "/util/logout.aspx";
        public void Configuration(IAppBuilder app)
        {
            // Add CMS integration for ASP.NET Identity
            app.AddCmsAspNetIdentity<SiteUser>();
            //app.AddCmsAspNetIdentity<SiteUser>(new ApplicationOptions()
            //{
            //    ConnectionStringName = _connectionStringHandler.Commerce.Name
            //});
            //federated authentication
            app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
            });
            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
            {
                //URL to federation server meta data
                //AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
                MetadataAddress = ConfigurationManager.AppSettings["MetadataAddress"],
                //Value of Wtrealm must *exactly* match what is configured in the federation server
                Wtrealm = ConfigurationManager.AppSettings["AdfsWtRealm"],
                UseTokenLifetime = false,
                Notifications = new WsFederationAuthenticationNotifications()

Regards,

Thang Le

I have a page which has a property of type XHTML String. Contributors drag other pages in this area. If this page is expired or deleted, is there a way to find out if its referered in xhtml string.

Typically EpiServer prompts deleting a content if it is referenced somewhere but I am assuming that doesn't happen if the page is in xhtml editor string. Any ideas or thoughts on this?

There seems not to be any dojo plugin area for the header area in admin ui, where name, urlsegment, type, id, tools are.

Wanting to put a custom widget in header not possible without using ugly hack:

https://devblog.gosso.se/2020/02/the-missing-feature-link-to-containing-parent-for-media-and-blocks-when-not-used/

yes, i know you can put a property in the  header, but that is not the same is it?

Regards Luc

I have noticed that after updating to latest version of EpiFind, I can't find any results using 'like'. For example, let's have a phrase "abcdef", then when I use UnifiedSearch with phrase "abc", it will not return any result. 

Can anybody confirm it?

Is there any way to find out when a user was the last login to Episerver? 

How this will impact on EPi Find, getting the following message in console

A cookie associated with a cross-site resource at https://dl.episerver.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Hi,

I need to customise the "Display message after form submission" displayed to a user after submitting a form using EPiServer Forms. I have a message set already and I need to add a unique reference number to this message for the user once the form is submitted.

I see there is a DataSubmissionService which has a FormsSubmissionFinalized event, is this the best thing to use? If so, how do I implement this? I can't see anything obvious. Are there any other approaches?

Thanks in advance,

Mark

I have a pretty unsual request for setting up a multi market/language site in Episerver.

Today the client has a normal setup with a number of sites in Episerver, one for each country market. Each market has a few languages. Some markets can even share languages. All the market sites need to have their own page tree since the content is too unique for each market.

For example.
Swedish market site has swedish as base language and is available on english as well. Uses .se domain.
Finnish market site has finnish as base language and is available on english and swedish as well. Uses .fi domain.

Now the request is to collect all the markets under one top domain; .com

What I'm looking for is a way to have a url like client.com/se for swedish market in swedish, and then client.com/se-en/ for swedish market in english. And I would have to find a way to redirect swedish visitor to client.com/se, finnish visitor to client.com/fi and so on.

Hi,

For a client's project we need to create block types at runtime. This means that we create the block type without a backing model (class). The creation goes well and the block type is visible as a content type in the admin interface. However, the new block type is not available when trying to create an instance of it from the edit interface. I click the "+" icon in the assets pane, but the created block type is not in the list of available types.

Grateful for some insight.